<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>For LDAP: GNOME Data Access 5 manual</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<link rel="home" href="index.html" title="GNOME Data Access 5 manual">
<link rel="up" href="limitations.html" title="Limitations">
<link rel="prev" href="limitations_sqlcipher.html" title="For SQLCipher">
<link rel="next" href="limitations_jdbc.html" title="For JDBC based providers">
<meta name="generator" content="GTK-Doc V1.32 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="limitations_ldap"></a>For LDAP</h2></div></div></div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.2.12.8.2"></a>User name</h3></div></div></div>
<p>
	LDAP requires a Distinguished Name (DN) to bind a connection. Libgda also accepts a user name which is
	not a DN; in this case it will first connect anonymously to the server, search for the DN corresponding
	to the user name, and then bind again using the found DN. The search is done on the "uid" attribute matching
	the username, and the object class being "inetOrgPerson" (the LDAP filter
	is "(&amp;(uid=?)(objectclass=inetOrgPerson))" where the question mark is replaced by the username).
      </p>
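<p>
	Added example, not Libgda code: an application that performs the same user name lookup itself can
	escape the user name per RFC 4515 before it replaces the question mark, so that characters such as
	"*", "(" or ")" stay part of the value and cannot change the filter. The function names and the
	exactly-one-match policy are assumptions of this example; the manual does not describe how Libgda
	handles either point.
</p>
<pre class="programlisting">
```python
# Added example (not Libgda code): build the lookup filter quoted above with
# the user name escaped per RFC 4515 before it replaces the "?".

FILTER_TEMPLATE = "(&(uid=?)(objectclass=inetOrgPerson))"  # from the manual

# RFC 4515 section 3: these characters must be written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it cannot change the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_lookup_filter(username: str) -> str:
    """Return the uid/inetOrgPerson filter for a user name that is not a DN."""
    if not username:
        raise ValueError("empty user name")
    # Only the template is scanned for "?", so a "?" in the name is harmless.
    return FILTER_TEMPLATE.replace("?", escape_filter_value(username), 1)


def pick_bind_dn(found_dns: list) -> str:
    """Accept the search result only if exactly one entry matched.

    Assumption: treating zero or several matches as a failure is this
    example's policy; the manual does not say what Libgda does here.
    """
    if len(found_dns) != 1:
        raise LookupError("expected exactly one entry, got %d" % len(found_dns))
    return found_dns[0]


if __name__ == "__main__":
    # Constructed sample user names, including filter metacharacters.
    for name in ("jdoe", "j*doe", "doe)(x", "a\\b"):
        print(repr(name), "->", build_lookup_filter(name))
```
</pre>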
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.2.12.8.3"></a>SSL/TLS certificate validation</h3></div></div></div>
<p>
	The TLS_REQCERT and TLS_CACERT options are taken into account by the LDAP provider, and
	passed to the OpenLDAP library which is actually used. These options are global and set
	by the first opened LDAP connection (i.e. all other LDAP connections share the same
	settings, regardless of their TLS_REQCERT and TLS_CACERT options).
      </p>
<p>
	The TLS_REQCERT and TLS_CACERT options take priority over the
	options set in <code class="filename">$HOME/.ldaprc</code>.
      </p>
<p>
	If the server certificate can't be checked (i.e. the certification chain can't be established and
	verified) when checking is required, then the connection will not be established and the
	returned error will be "Can't contact LDAP server".
      </p>
</div>
</div>
</body>
</html>